Privacy Notice

Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 and GDPR. The most common way to provide this information is in a Privacy Notice.

Your Privacy Notice should be written in clear, plain language. It must be readily available, free of charge, and easy to understand. If you have members who for whatever reason cannot view the Notice online, you should make it available to them in hard copy.

You must include the identity and contact details for yourselves as a church as well as the person or persons responsible for overseeing Data Protection within the church.

You must outline all your plans for an individual’s data. This means setting out exactly what data you want to collect (names, addresses, pastoral information) and exactly what you want to do with it. You must make as comprehensive a list as possible, covering everything from taking attendance, to encouraging someone along their spiritual journey, to fundraising.

You must list any third parties who will have access to the data, e.g. HMRC or Data Processors such as iKnow Church, Google Drive or Dropbox.

You must clearly state their right to withdraw consent at any time, and their right to lodge a complaint with the ICO.

You need to include details of any transfers you plan to make of their data to foreign countries, and any automated decision-making you have in place.

You can find more information and a checklist on the ICO website here, and see guidance related to other forms of documentation (such as your Data Retention Policy and Information Security Policy) here.